CN101808317B - Computer device and method for realizing wireless local area network security measure - Google Patents


Info

Publication number: CN101808317B
Authority: CN (China)
Prior art keywords: wapi, equipment, local area, area network, network card
Legal status: Active
Application number: CN200910078145.2A
Other languages: Chinese (zh)
Other versions: CN101808317A (en)
Inventor: 周超
Current Assignee: Lenovo Beijing Ltd
Original Assignee: Lenovo Beijing Ltd

Abstract

The invention provides a computer device and a method for implementing a wireless local area network security measure. The computer device comprises a network card device and a WAPI device independent of the network card device. The WAPI device comprises a wireless local area network authentication infrastructure unit and a wireless local area network privacy infrastructure unit. The authentication infrastructure unit sends a user environment profile and WAPI information elements when establishing a link with a wireless access point (AP), and successfully establishes the link with the AP; the privacy infrastructure unit uses an encryption/decryption key to encrypt and decrypt network data after the authentication infrastructure unit has established the link with the AP. The network card device comprises a receiving unit and a forwarding unit: the receiving unit receives the user environment profile and the WAPI information elements from the AP and informs the WAPI device to send the WAPI information elements; the forwarding unit forwards the WAPI information elements to the AP. With the technology of the embodiment, the computer's encryption and decryption of network data is layered separately from the wireless network card, so that it no longer depends on the original wireless network card and dependence on foreign manufacturers is reduced.

Description

A computer device and method for implementing a wireless local area network security measure
Technical field
The present invention relates to network authentication technology, and in particular to a computer device and method for implementing a wireless local area network security measure.
Background technology
WLAN Authentication and Privacy Infrastructure (WAPI) is the security solution for wireless local area network (WLAN, Wireless Local Area Network) communication proposed in the Chinese WLAN standard GB 15629.11. WAPI uses the public-key elliptic curve cryptography (ECC) algorithm and the secret-key block cipher SMS4, both approved by the Office of the State Cryptography Administration Commission, to provide device identity authentication, link verification, access control, and encryption of user information in transit.
In existing implementations, mutual authentication between the mobile terminal (MT) and the wireless access point (AP) is based on the certificate mechanism of a public-key cryptosystem. It is normally implemented by integrating the WAPI function into the wireless network card; that is, the hardware vendor implements WAPI in the wireless network card, either by itself or in cooperation with other vendors.
In the course of making the invention, the inventor found at least the following problems in the prior art: WAPI cannot be separated from the hardware, which restricts developers who specialize in WAPI from advancing the technology; and because WAPI is integrated into the hardware network card, any subsequent upgrade of the WAPI function requires the permission of other enterprises.
Summary of the invention
The purpose of the invention is to provide a computer device and method for implementing a wireless local area network security measure, so that implementing WAPI no longer depends on overseas enterprises and the WAPI technology can be upgraded.
To solve the above problem, in one aspect the invention provides a computer device that includes a network card device and also a WAPI device independent of the network card device. The WAPI device comprises: a WLAN authentication infrastructure unit, used to send a user environment profile and a WAPI information element when establishing a link with a wireless access point (AP), and to successfully establish the link with the AP when verification information is received from the AP, where the verification information indicates that the WAPI information element was successfully matched with the AP; and a WLAN privacy infrastructure unit, used to encrypt and decrypt network data with an encryption/decryption key after the WLAN authentication infrastructure unit has established the link with the AP. The network card device includes a receiving unit, a judging unit and a forwarding unit. The receiving unit receives the user environment profile and the WAPI configuration information from the AP. The judging unit compares the user environment profile with the WAPI configuration information and, when the content of the user environment profile is contained in the WAPI configuration information, notifies the WAPI device to send the WAPI information element. The forwarding unit forwards the WAPI information element to the AP and notifies the WAPI device of the verification information from the AP.
Preferably, the device further comprises: a user interaction unit, used to receive the user's input and display the corresponding feedback information; and a network configuration user interface unit, used to notify the WLAN authentication infrastructure unit, according to the user's input, to generate the user environment profile.
Preferably, the WLAN authentication infrastructure unit further comprises: a key negotiation unit, used to dynamically negotiate the encryption/decryption key with the AP.
Preferably, the network card device further comprises: a first working-mode switching module which, when the network card device is in normal mode, notifies the network card device to encrypt the network data to be sent and to decrypt the network data received;
when the content of the user environment profile is contained in the WAPI configuration information, sets the network card device to security offload mode, in which the network card device receives the WAPI information element sent by the WAPI device;
and, after the link between the network card device and the wireless access point (AP) has been established, sets the network card device to pass-through mode, in which the network card device no longer encrypts or decrypts network data.
Preferably, the WLAN privacy infrastructure unit further comprises: a second working-mode switching module, used to set the WLAN privacy infrastructure unit to a non-working state in data bypass mode and, in secure mode, to set the WLAN privacy infrastructure unit to encrypt and decrypt the network data it receives.
In another aspect, the invention provides a method for implementing a wireless local area network security measure, applied to the network card device in a computer, comprising: receiving a user environment profile from a WAPI device; receiving WAPI configuration information; comparing the user environment profile with the WAPI configuration information and, when the content of the user environment profile is contained in the WAPI configuration information, notifying the WAPI device to send a WAPI information element; forwarding the received WAPI information element to a wireless access point (AP); and receiving verification information from the AP and notifying the WAPI device, so that the WAPI device and the AP successfully establish a link and the WAPI device sends encrypted network data to the AP through the network card device, where the verification information indicates that the WAPI information element was successfully matched with the AP.
Preferably, after the step of receiving the verification information from the AP and notifying the WAPI device, the method further comprises: decrypting the encrypted network data that comes from the AP and passes through the network card device.
Preferably, after receiving the verification information from the AP and notifying the WAPI device, the method further comprises: dynamically negotiating the encryption/decryption key with the AP.
Preferably, before the encryption/decryption key is dynamically negotiated with the AP, the method further comprises: the WAPI device is in data bypass mode and does not encrypt or decrypt the network data passing through it.
Preferably, after the encryption/decryption key is dynamically negotiated with the AP, the method further comprises: the WAPI device is in secure mode and encrypts and decrypts the network data passing through it.
Preferably, the user environment profile includes at least the network name (SSID) and the security mode corresponding to that SSID.
The invention has the following beneficial effects: with the technology of the embodiments, the encryption and decryption of data between the computer and the network is layered separately from the wireless network card, and the wireless network card does not need to be redesigned or changed. Implementing WAPI therefore no longer depends on the wireless network card, which reduces cost and reduces dependence on foreign vendors.
Description of drawings
Fig. 1 is a structural diagram of the computer device of an embodiment of the invention;
Fig. 2 is a diagram of the working principle of the device of an embodiment of the invention under the Vista operating system;
Fig. 3 is method flow diagram 1 of an embodiment of the invention;
Fig. 4 is method flow diagram 2 of an embodiment of the invention.
Embodiment
To make the purpose, technical features and effects of the invention clearer, the technical solution is described in detail below with reference to the drawings and specific embodiments.
In the embodiments provided by the invention, WAPI is implemented with a layered structure: a network card device 103 (IHV, Independent Hardware Vendor) implements the wireless network card; a WLAN privacy infrastructure unit 102 (WPI, WLAN Privacy Infrastructure) implements an independent WAPI software package; and a small number of additional interfaces provide the computer with the complete WAPI function.
This embodiment provides a computer device which, as shown in Fig. 1, includes a network card device 103 and also a WAPI device 100 independent of the network card device 103. The WAPI device 100 comprises:
A WLAN authentication infrastructure unit 101, used to send a user environment profile (Profile) and a WAPI information element when establishing a link with a wireless access point (AP), and to successfully establish the link with the AP when verification information is received from the AP, where the verification information indicates that the WAPI information element was successfully matched with the AP;
A WLAN privacy infrastructure unit 102, used to encrypt and decrypt network data with the encryption/decryption key after the WLAN authentication infrastructure unit 101 has established the link with the AP;
The network card device 103 includes a receiving unit 1031, a judging unit 1032 and a forwarding unit 1033, where:
The receiving unit 1031 receives the user environment profile and the WAPI configuration information from the AP;
The judging unit 1032 compares the user environment profile with the WAPI configuration information and, when the content of the user environment profile is contained in the WAPI configuration information, notifies the WAPI device 100 to send the WAPI information element;
The forwarding unit 1033 forwards the WAPI information element to the AP and notifies the WAPI device 100 of the verification information from the AP.
With the technology of this embodiment, the function of encrypting and decrypting the network data transmitted between the computer device and the network is layered separately from the network card device 103, and the wireless network card does not need to be redesigned or changed. Implementing WAPI therefore no longer requires negotiation with the manufacturer of the network card device 103, which reduces dependence on foreign vendors.
In the embodiment, the user environment profile includes at least the network name (SSID, Service Set Identifier, which may also be written as Extended SSID) and the security mode corresponding to that SSID, as well as information such as the WEP key and the frequency band used. After the network card device 103 determines that the security mode corresponding to the SSID is one of the WAPI security modes, it puts itself into security offload mode and waits to receive the WAPI information element from the WLAN authentication infrastructure unit 101 in the WAPI device 100. The network card device 103 then searches for such a wireless network, establishes the link, and sends the WAPI information element to the wireless access point (AP, Access Point). It also receives the verification information from the AP, which indicates that the WAPI information element was successfully matched with the AP.
The WLAN authentication infrastructure unit 101 further comprises a key negotiation unit, used to dynamically negotiate the encryption/decryption key with the AP.
To extend the function of the device, and taking the commonly used Vista operating system as an example, the computer device may, as shown in Fig. 2, further comprise:
A local auto-configuration unit (ACM, Auto Configuration Module) 105, which can be regarded as a protocol stack and is normally used in Windows Vista. During the transmission of data, requests and instructions, it encapsulates them so that they conform to the specification of the current computer system. At a minimum, it encapsulates the user environment profile from the WLAN authentication infrastructure unit 101 into a format supported by the local computer system and sends it to the network card device 103, either directly or through a wireless intermediate driver unit 108. Note that, because the local auto-configuration unit 105 is normally used in Windows Vista, an operating system that includes Windows Vista should also contain the corresponding functional units for protocols such as EAP Framework (802.1X Module) and Native 802.11 Media Specific Module (MSM).
A wireless intermediate driver unit 108, used to send the user environment profile and/or the WAPI information element to the network card device 103. The WLAN authentication infrastructure unit 101 sends the WAPI information element to the wireless intermediate driver unit 108, the wireless intermediate driver unit 108 sends it to the WLAN privacy infrastructure unit 102, and the WLAN privacy infrastructure unit 102 forwards it to the network card device 103.
A user interaction unit 106, used to implement interaction with the user: it receives the user's input and displays the corresponding feedback information.
A network configuration user interface unit 107, provided by the operating system the computer is running. It provides the interfaces and application programming interface (API) functions with which the user interaction unit 106 is developed, and encapsulates the data produced by the user's operations in the user interaction unit 106.
The WLAN privacy infrastructure unit 102 further comprises:
A second working-mode switching module, used to keep the unit in a non-working state in non-secure mode and, in secure mode, to set the WLAN privacy infrastructure unit 102 to encrypt and decrypt the network data it receives.
The network card device 103 further comprises:
A first working-mode switching module which, in normal mode, notifies the network card device 103 to encrypt the network data to be sent and to decrypt the network data received;
after the user environment profile is received from the WLAN privacy infrastructure unit 102, notifies the network card device 103 to enter security offload mode;
and, after the link between the network card device 103 and the AP has been established, notifies the network card device 103 to enter pass-through mode (pass-thru mode), in which the network card device 103 no longer encrypts or decrypts network data.
Using the device provided by the above embodiment, and again taking the commonly used Vista operating system as an example as shown in Fig. 2, the units follow this flow in one complete working cycle:
In the user interaction unit 106, the user selects the WLAN following the predefined steps and confirms, which generates a network link request; the request is encapsulated in the network configuration user interface unit 107 and then sent to the local auto-configuration unit 105;
The local auto-configuration unit 105 notifies the WLAN authentication infrastructure unit 101 to start collecting the configuration information of the local computer;
The WLAN authentication infrastructure unit 101 generates a user environment profile and sends it to the local auto-configuration unit 105, which processes it and sends it to the wireless intermediate driver unit 108;
The wireless intermediate driver unit 108 processes it and sends it to the WLAN privacy infrastructure unit 102; because the WLAN privacy infrastructure unit 102 is in data bypass mode (Data Bypass Mode) at this point, the profile is passed straight on to the network card device 103;
On receiving the user environment profile, the network card device 103 learns that the WLAN link being established is a WAPI link, puts itself into security offload mode (Security Offload Mode), and notifies the WLAN authentication infrastructure unit 101 to prepare to establish the link with the AP;
On being notified, the WLAN authentication infrastructure unit 101 generates a WAPI information element and sends it to the wireless intermediate driver unit 108, which forwards it through the WLAN privacy infrastructure unit 102 to the network card device 103;
The network card device 103 establishes the link with the wireless access point using the WAPI information element and enters pass-through mode (Pass-thru Mode), in which it no longer encrypts or decrypts the network data it transmits;
The WLAN authentication infrastructure unit 101 completes the STA-side mutual authentication with the AP to which the network card device is linked, and dynamically negotiates the encryption/decryption key;
After the WLAN authentication infrastructure unit 101 has established the link with the AP, the WLAN privacy infrastructure unit 102, now in its working secure mode, uses the dynamically negotiated encryption/decryption key to encrypt and decrypt network data.
The embodiments of the invention also provide a method for implementing a wireless local area network security measure, applied to the network card device 103 in a computer. As shown in Fig. 3, it comprises:
Step 201. Receive the user environment profile from a WAPI device 100;
Step 202. Receive WAPI configuration information;
Step 203. Compare the user environment profile with the WAPI configuration information;
Step 204. When the content of the user environment profile is contained in the WAPI configuration information, notify the WAPI device 100 to send the WAPI information element;
Step 205. Forward the received WAPI information element to a wireless access point (AP);
Step 206. Receive the verification information from the AP and notify the WAPI device 100, so that the WAPI device 100 and the AP successfully establish a link and the WAPI device 100 sends encrypted network data to the AP through the network card device 103, where the verification information indicates that the WAPI information element was successfully matched with the AP.
The above embodiment describes the technical solution with the network card device 103 in the computer as the acting entity. Below, the WAPI device 100 is split into the WLAN authentication infrastructure unit 101 and the WLAN privacy infrastructure unit 102, and one complete process of establishing a link and encrypting and decrypting network data is described. As shown in Fig. 4, the flow in which each unit performs its function comprises:
Step 301. After the user confirms, by operating the computer, that a network link to a WLAN is to be established, the WLAN authentication infrastructure unit 101 generates a user environment profile (Profile) and sends it to the network card device 103; the user environment profile sets the network card device 103 to security offload mode. The network card device 103 includes the corresponding receiving unit 1031, judging unit 1032 and forwarding unit 1033, which perform their respective functions and are not described again here.
The user's operation and confirmation are implemented differently in different computer environments; in Windows XP and Windows Vista, for example, they can be carried out by clicking through the graphical interface for wireless network links following the predefined steps.
Step 302. A WAPI information element (IE, Information Element) is sent to the network card device 103;
Step 303. The network card device 103 uses the WAPI information element to perform link authentication with the AP, and enters pass-through mode;
Step 304. In pass-through mode, the WLAN authentication infrastructure unit 101 completes WAPI authentication and key negotiation directly with the AP;
Step 305. The WLAN privacy infrastructure unit 102 enters secure mode and encrypts and decrypts the network data transmitted to and from the AP.
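The mode sequence in steps 201-206 and 301-305 can be traced with a small model. This is an added example, not code from the patent: the `Station` class, the dictionary fields and the sample SSID and security-mode strings are assumptions, and `may_send_payload` is an assumed guard that holds user data while, by the mode definitions above, neither the network card device 103 (Pass-thru Mode) nor unit 102 (Data Bypass Mode) encrypts.

```python
from enum import Enum


class NicMode(Enum):
    NORMAL = "normal"                      # NIC encrypts/decrypts traffic itself
    SECURITY_OFFLOAD = "security-offload"  # NIC waits for the WAPI information element
    PASS_THROUGH = "pass-through"          # NIC forwards frames, no crypto


class WpiMode(Enum):
    DATA_BYPASS = "data-bypass"            # unit 102 forwards, no crypto
    SECURE = "secure"                      # unit 102 uses the negotiated key


def profile_matches(profile, ap_config):
    """Judging unit 1032 (steps 203-204): the profile content must be
    contained in the WAPI configuration information received from the AP."""
    return (profile["ssid"] == ap_config.get("ssid")
            and profile["security_mode"] in ap_config.get("security_modes", ()))


def crypto_owner(nic, wpi):
    """Return which layer encrypts payload data for a pair of modes."""
    if nic is NicMode.NORMAL:
        return "nic"
    if nic is NicMode.PASS_THROUGH and wpi is WpiMode.SECURE:
        return "wpi"
    return None  # link setup / key negotiation: neither layer encrypts


class Station:
    """Hypothetical model of network card device 103 plus WAPI device 100."""

    def __init__(self, profile):
        self.profile = profile
        self.nic = NicMode.NORMAL
        self.wpi = WpiMode.DATA_BYPASS
        self.trace = []  # (step, NIC mode, WPI mode, crypto owner)

    def _record(self, step):
        self.trace.append((step, self.nic.value, self.wpi.value,
                           crypto_owner(self.nic, self.wpi)))

    def connect(self, ap_config, ap_verifies_ie, key_negotiated):
        self._record("301 profile delivered to NIC")
        if not profile_matches(self.profile, ap_config):
            self._record("203 profile not covered by AP configuration")
            return False
        self.nic = NicMode.SECURITY_OFFLOAD
        self._record("302 NIC waits for WAPI information element")
        if not ap_verifies_ie:
            # Assumption: without verification info the NIC stays in offload mode.
            self._record("206 no verification information from AP")
            return False
        self.nic = NicMode.PASS_THROUGH
        self._record("303 link established, NIC passes frames through")
        if not key_negotiated:
            # Failure case: NIC already stopped encrypting, unit 102 has no key.
            self._record("304 authentication / key negotiation failed")
            return False
        self.wpi = WpiMode.SECURE
        self._record("305 unit 102 encrypts and decrypts")
        return True

    def may_send_payload(self):
        """Assumed guard (not in the patent): hold user data while no layer encrypts."""
        return crypto_owner(self.nic, self.wpi) is not None


# Constructed sample values; the security-mode strings are illustrative labels.
PROFILE = {"ssid": "office-wlan", "security_mode": "wapi-cert"}
AP_CONFIG = {"ssid": "office-wlan", "security_modes": ("wapi-cert", "wapi-psk")}


def demo():
    """Run one successful connection and one that stalls at key negotiation."""
    ok = Station(PROFILE)
    ok.connect(AP_CONFIG, ap_verifies_ie=True, key_negotiated=True)
    stalled = Station(PROFILE)
    stalled.connect(AP_CONFIG, ap_verifies_ie=True, key_negotiated=False)
    return ok, stalled


if __name__ == "__main__":
    for station in demo():
        for row in station.trace:
            print(row)
        print("payload allowed:", station.may_send_payload())
```

The trace makes the hand-over visible: encryption responsibility leaves the network card at step 303 and is only taken up by unit 102 at step 305, so a stalled key negotiation leaves the station in a state the guard refuses to send from.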
With the technology of this embodiment, the encryption and decryption of data between the computer and the network is layered separately from the wireless network card, and the wireless network card does not need to be redesigned or changed. Implementing WAPI therefore no longer depends on the wireless network card, which reduces cost and reduces dependence on foreign vendors.
Sending the user environment profile to the network card device 103 further comprises:
Before the network card device 103 uses the WAPI information element to perform link authentication with the AP, the method further comprises:
The WLAN authentication infrastructure unit 101 sends the WAPI information element to the wireless intermediate driver unit 108, the wireless intermediate driver unit 108 sends it to the WLAN privacy infrastructure unit 102, and the WLAN privacy infrastructure unit 102 forwards it to the network card device 103.
The network card device 103 entering pass-through mode further comprises:
The network card device 103 does not inspect the network data passing through it and sends the network data to the AP.
Encrypting and decrypting the network data transmitted to and from the AP further comprises:
After being encrypted by the WLAN privacy infrastructure unit 102, the network data is sent directly to the network card device 103, which sends it to the AP over the established link.
The Profile contains the extended service set identifier of the wireless network to connect to (ESSID, Extended Service Set Identifier), together with information such as the WEP key and the frequency band used. Once the network card device 103 loads a Profile, the control program has the network card device 103 search for such a wireless network and establish the link.
The embodiments of the invention have the following beneficial effects. The implementation of WAPI is independent of the internal implementation of the wireless network card; the IHV does not need to change its software or hardware because of WAPI and only has to support a small number of additional interfaces to support WAPI. The IHV can freely upgrade its software and hardware, and the ISV can freely upgrade its WAPI software; neither the ISV nor the IHV needs to provide extra resources to the other; and the scheme is applicable to all wireless network cards.
The encryption and decryption of data between the computer and the network is layered separately from the wireless network card, and the wireless network card does not need to be redesigned or changed, so implementing WAPI no longer depends on the wireless network card, which reduces cost and reduces dependence on foreign vendors.
It should be noted that the above embodiments only illustrate, and do not limit, the technical solution of the invention; all parameter values can be adjusted according to actual conditions and remain within the scope of protection. Those of ordinary skill in the art should understand that modifications or equivalent replacements of the technical solution that do not depart from its spirit and scope shall all be covered by the claims of the invention.

Claims (11)

1. A computer device including a network card device, characterized in that it also comprises a WAPI device independent of the network card device,
The WAPI device comprising:
A WLAN authentication infrastructure unit, used to send a user environment profile and a WAPI information element when establishing a link with a wireless access point (AP), and to successfully establish the link with the AP when verification information is received from the AP, where the verification information indicates that the WAPI information element was successfully matched with the AP;
A WLAN privacy infrastructure unit, used to encrypt and decrypt network data with an encryption/decryption key after the WLAN authentication infrastructure unit has established the link with the AP;
The network card device including a receiving unit, a judging unit and a forwarding unit, where:
The receiving unit is used to receive the user environment profile and the WAPI configuration information from the AP;
The judging unit is used to compare the user environment profile with the WAPI configuration information and, when the content of the user environment profile is contained in the WAPI configuration information, to notify the WAPI device to send the WAPI information element;
The forwarding unit is used to forward the WAPI information element to the AP and to notify the WAPI device of the verification information from the AP.
2. equipment according to claim 1 is characterized in that, also comprises:
User interaction unit is used for receiving user's input, and shows corresponding feedback information;
The network configuration user interface elements is used for the input according to described user, notifies described radio local area network authentication infrastructure element to generate a described user environment profile.
3. equipment according to claim 1 is characterized in that, described radio local area network authentication infrastructure element also comprises:
The key agreement unit, be used for and described AP between the described encrypting and decrypting key of dynamic negotiation.
4. equipment according to claim 1 is characterized in that, described network card equipment also comprises:
The first working mode change module is used for being under the normal mode at described network card equipment, notifies described network card equipment that the described network data that will send is encrypted, and the described network data that receives is decrypted;
When the content in the described user environment profile is included in the described WAPI configuration information, described network card equipment is set is in safe unloading mode, wherein said safe unloading mode is used for receiving the described WAPI information element that the described WAPI equipment of arrival sends;
Set up after link is connected at described network card equipment and described wireless access points AP, described network card equipment is set is in one by pattern, by under the pattern, described network card equipment no longer is encrypted deciphering to network data described.
5. equipment according to claim 1 is characterized in that, described wireless local area network security foundation structure unit also comprises:
The second working mode change module is used for described wireless local area network security foundation structure unit being set being in non operating state under data detour pattern; Under safe mode, the described network data that described wireless local area network security foundation structure unit will receive is set is encrypted deciphering.
6. a method that realizes wireless local area network security measure is applied to the network card equipment in the computer, it is characterized in that, comprising:
Receive the user environment profile from a WAPI equipment;
Receive a WAPI configuration information;
Described user environment profile and described WAPI configuration information are compared,
When the content in the described user environment profile is included in the described WAPI configuration information, notify described WAPI equipment to send the WAPI information element;
The WAPI information element that receives is transmitted to a wireless access points AP,
Receive from the authorization information of described AP and notify described WAPI equipment, thereby guarantee that described WAPI equipment and described AP successfully set up link, make described WAPI equipment will be sent to described AP by described network card equipment behind the network data encryption, wherein, described authorization information is about described WAPI information element and the AP information that the match is successful.
7. method according to claim 6 is characterized in that, describedly receives from the authorization information of AP and notifies after the described WAPI device step, also comprises:
To being decrypted from described AP and by the network data after the encryption of described network card equipment.
8. method according to claim 7 is characterized in that, describedly receives from the authorization information of described AP and notifies described WAPI equipment, also comprises afterwards:
And dynamic negotiation encrypting and decrypting key between the described AP.
9. method according to claim 8 is characterized in that, and dynamic negotiation encrypting and decrypting key between the described AP, also comprises before:
Described WAPI equipment is in the data pattern that detours, and the described network data through self is not encrypted deciphering.
10. method according to claim 8 is characterized in that, and dynamic negotiation encrypting and decrypting key between the described AP, also comprises afterwards:
Described WAPI equipment is in safe mode, and the described network data through self is encrypted deciphering.
11. method according to claim 6 is characterized in that,
Described user environment profile comprises local area network (LAN) title SSID and the safe mode corresponding with described SSID at least.
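The mode sequence recited in claims 1, 4 and 8 to 10 can be traced with a small state model. This is an added example, not code from the patent: the class, field and mode identifiers, the sample SSID and the traffic_protected() guard are assumptions chosen for illustration. It shows that between link establishment and key negotiation neither the network card nor the WAPI device is encrypting, so a driver built on this split would need to hold payload traffic until the WAPI device enters safe mode.

```python
from dataclasses import dataclass
from enum import Enum

class NicMode(Enum):
    NORMAL = 1          # claim 4: the network card encrypts/decrypts itself
    SAFE_UNLOADING = 2  # claim 4: the card relays the WAPI information element
    PASS_THROUGH = 3    # claim 4: the card no longer encrypts or decrypts

class WapiMode(Enum):
    DETOUR = 1  # claim 9: privacy unit idle, data passes through unencrypted
    SAFE = 2    # claim 10: privacy unit encrypts and decrypts

# Constructed sample data (assumed field names; claim 11 only requires SSID + safe mode).
PROFILE = {"ssid": "office-wlan", "safe_mode": "wapi-cert"}
AP_CONFIG = {"ssid": "office-wlan", "safe_mode": "wapi-cert", "channel": 6}

@dataclass
class Station:
    profile: dict
    nic: NicMode = NicMode.NORMAL
    wapi: WapiMode = WapiMode.DETOUR

    def encrypting_layers(self):
        active = {"nic": self.nic is NicMode.NORMAL, "wapi": self.wapi is WapiMode.SAFE}
        return [name for name, on in active.items() if on]

    def traffic_protected(self):
        # Added guard (assumption, not in the claims): exactly one layer encrypts.
        return len(self.encrypting_layers()) == 1

    def judge(self, ap_config):
        """Claim 1 judging unit: profile content must be included in the AP config."""
        if self.profile.items() <= ap_config.items():
            self.nic = NicMode.SAFE_UNLOADING
            return True
        return False

    def link_established(self):  # authorization information relayed to the WAPI device
        self.nic = NicMode.PASS_THROUGH
    def key_negotiated(self):    # claims 8-10: key agreed, WAPI device enters safe mode
        self.wapi = WapiMode.SAFE

def run_handshake(profile, ap_config):
    """Return (linked, traffic_protected() after each step of the sequence)."""
    sta = Station(profile)
    if not sta.judge(ap_config):
        return False, [sta.traffic_protected()]
    trace = [sta.traffic_protected()]
    for step in (sta.link_established, sta.key_negotiated):
        step()
        trace.append(sta.traffic_protected())
    return True, trace
```

With the sample data, run_handshake(PROFILE, AP_CONFIG) reports protection only after the final step; when the profile is not contained in the AP configuration the card stays in normal mode and keeps encrypting itself.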

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910078145.2A CN101808317B (en) 2009-02-18 2009-02-18 Computer device and method for realizing wireless local area network security measure

Publications (2)

Publication Number Publication Date
CN101808317A CN101808317A (en) 2010-08-18
CN101808317B true CN101808317B (en) 2013-07-03

Family

ID=42609891

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910078145.2A Active CN101808317B (en) 2009-02-18 2009-02-18 Computer device and method for realizing wireless local area network security measure

Country Status (1)

Country Link
CN (1) CN101808317B (en)

Also Published As

Publication number Publication date
CN101808317A (en) 2010-08-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant